1hAck-0 / zeroimportLinks
ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel driver by importing at runtime.
☆50Updated 2 years ago
Alternatives and similar repositories for zeroimport
Users that are interested in zeroimport are comparing it to the libraries listed below
Sorting:
- Compileable POC of namazso's x64 return address spoofer.☆50Updated 5 years ago
- POC Hook of nt!HvcallCodeVa☆54Updated 2 years ago
- ☆37Updated last year
- A poc that abuses Enclave☆40Updated 3 years ago
- ntoskrnl .data hooks for UM-KM communication☆53Updated last year
- PAGE_GUARD based hooking library☆52Updated 3 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆133Updated 2 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Updated 3 years ago
- silence file system monitoring components by hooking their minifilters☆59Updated 2 years ago
- Create stealthy, inline, EPT-like hooks using SMAP and SMEP☆60Updated last year
- A native Windows library for intercepting kernel-to-user transitions using instrumentation callbacks☆28Updated 2 years ago
- A modern, mod independent open source cheat for Enemy Territory☆70Updated 2 months ago
- Binary rewriter for 64-bit PE files.☆99Updated 2 years ago
- Windows PDB parser for kernel-mode environment.☆104Updated 8 months ago
- A simple tool to assemble shellcode ready to be copy-pasted into code☆71Updated 3 years ago
- x64 Windows implementation of virtual-address to physical-address translation☆46Updated 4 years ago
- CVE-2022-3699 with arbitrary kernel code execution capability☆71Updated 3 years ago
- Bypassing kernel patch protection runtime☆21Updated 2 years ago
- Custom KiSystemStartup, can be used to modificate kernel before boot.☆53Updated 3 years ago
- windows rootkit☆60Updated last year
- windows kernelmode driver to inject dll into each and every process and perform systemwide function hooking☆53Updated 3 years ago
- hidden_syscall - syscaller without using syscall instruction in code☆62Updated 3 years ago
- Patches DSE by swapping both data ptrs located in SeValidateImageHeader && SeValidateImageData☆22Updated 2 years ago
- Virtual and physical memory hacking library using gigabyte vulnerable driver☆71Updated 2 years ago
- windows kernel pagehook☆41Updated 3 years ago
- Experiment with PAGE_GUARD protection to hide memory from other processes☆54Updated last year
- PoC kernel to usermode injection☆104Updated last year
- Allows for same-file KernelMode function execution using Encrypted addresses of Functions☆50Updated 4 months ago
- A simple way to spoof return addresses using an exception handler☆43Updated 3 years ago
- ☆25Updated 4 years ago